Why do programs like TeamViever or MsTeams work through NAT or without dedicated IP, but programs like games with direct online p2p functionality don’t?

233 views

I understand that programs like MS Teams have their own severs with dedicated IPs that are used as “relays” to get around NAT restrictions. However, some programs like RADMIN manage to work p2p through NAT without needing a server . How does it all work?

In: 20

4 Answers

Anonymous 0 Comments

How does NAT work? In a nutshell, your home network has one externally facing IP address. If you were running exactly one computer directly connected to the internet, this would be fine because the computer would know that any requests it received were actually meant for it. But it is very unlikely you have this setup. Instead, almost certainly, you have a router in between your internet connection and your home network. This router receives packets of information from both the internet and your home network and decides where to send them. This allows you to have dozens or perhaps even hundreds of devices separately accessing the internet simultaneously as long as everything is designed reasonably well.

The way this is done is by your router keeping track of which computers on your home network have tried to connect to other computers, especially other computers outside your home network. The way things usually work is that, let’s say, you make a request to Google to connect to it by https. Your computer sends a request to your router: send this packet to Google on port 443. Your router figures out what Google is via DNS and sends that packet to Google on port 443. But it doesn’t send the packet from port 443. Instead it sends the packet from some random port, say 12345. Google servers respond to requests received at port 443, so they send a packet back to “you”. “You” in this case is your router, not your computer. Fortunately, your router kept a record of which connection you tried to create and which port it used to send that message. So when it gets a packet back from Google addressed to port 12345, it knows to forward that to your computer specifically. Awesome. Your connection works just fine, and a bunch of people can be connected to Google (or other services) at once because there are like 65,000 ports.

The issue you run into with direct P2P games is that usually your specific computer is not getting all of the packets from the internet. That’s the point of your router, to decide which devices on your home network are supposed to get which packets. Furthermore, it *shouldn’t* get all the packets from the internet for a variety of security and usability reasons.

But when you’re talking about direct p2p, the whole point of the connection between the computers is that it doesn’t require a server to spend a lot of resources running the game. That means computation and communication must be performed by the peers.

In the simplest implementation, instead of everybody sending their messages to Google, they have to send them to a random IP address, which might be your IP address. But if you get an incoming connection request from someone else instead of you having made the request, your router doesn’t necessarily have any idea of where to send it. There’s no way for it to figure out which device it needs to talk to inside of your network (in the abstract, but there are protocols to solve this problem). This is why sometimes games require you to explicitly establish port forwarding on your router to whatever device you’re using, like your PS5. Port forwarding is just telling your router that if it receives any packets on a particular port, it needs to send those packets to a specific computer on the internal network. That gets around your issue because your PS5 is just going to respond to any requests it gets on that port, and you assume that any correctly formed requests are going to be correctly processed by an application that’s listening to them. That is, you’ve got an application listening for this kind of request and it does something when it gets one, like starts a game.

There are a number of ways to get around NAT, to allow unknown peers to talk to each other, but not all games or programs implement them all, and they don’t all implement them correctly or well. So most big, expensive, professional companies will have a way to get around this issue for their programs that’s pretty straightforward and transparent to the user, but some other companies don’t.

For example, one way to get around this is to host what essentially are routers. You might have a game programmed to send its initial traffic to a particular central server. All that central server does is record who’s trying to talk to who and send that information to everyone who’s relevant. Basically, this allows the application to trick the firewall into accepting packets it kind of shouldn’t. That’s because the nature of the internet inherently means you don’t know exactly when you’re going to get a response, so once you send a request packet to an IP and port, your firewall is waiting for response packet from that IP and port for some amount of time. As long as you can get the time synchronization reasonably close, you can sort of trick the firewalls by sending packets from one client to the other, which primes the firewall to accept packets from that port and IP address. You do the same thing in the opposite direction. (That’s why you need a central server to coordinate this, so it can communicate when to try and what the IP address is and ports are.) This opens a hole in the firewall, because each firewall doesn’t realize that the other one rejected its initial packet. It’s waiting for a return packet from that port and IP address. That means that the second packets and the third packets and so on can get through even if the first ones couldn’t. This is called “NAT hole punching” and it’s one technique to solve this issue. The demands on the server are a lot lower because all they have to do is just tell one party that another party is trying to talk to them from this IP address and this port and vice versa, rather than transmitting all the data about player position and actions and so on.

___

To explain it another way, NAT is a system like a big apartment building or office building. The first line of the address is the only thing that means anything to the outside world: 1 Broadway. The second line of the address, like Office 22, doesn’t actually mean anything to the Post Office. They just deliver everything to 1 Broadway. It’s the job of the mail office in the building to know where Office 22 is and to get mail there. But imagine that the mail office got a letter addressed to 1 Broadway without any office number at all. How would it deal with it? Well, it depends on the office, but a lot of them would just throw that mail away, because you kind of figure that if someone is sending mail to the generic address without knowing who they’re trying to reach, they’re probably not sending you important information. After all, if you had sent a letter to someone, you would have put your full return address on it. This is basically what causes difficulties for P2P communications: the default tendency of the mail office to just throw away stuff that doesn’t have an obvious destination.

You are viewing 1 out of 4 answers, click here to view all answers.